12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later
21da177e4SLinus Torvalds /*
31da177e4SLinus Torvalds * IPv6 fragment reassembly
41da177e4SLinus Torvalds * Linux INET6 implementation
51da177e4SLinus Torvalds *
61da177e4SLinus Torvalds * Authors:
71da177e4SLinus Torvalds * Pedro Roque <roque@di.fc.ul.pt>
81da177e4SLinus Torvalds *
91da177e4SLinus Torvalds * Based on: net/ipv4/ip_fragment.c
101da177e4SLinus Torvalds */
111da177e4SLinus Torvalds
121da177e4SLinus Torvalds /*
131da177e4SLinus Torvalds * Fixes:
141da177e4SLinus Torvalds * Andi Kleen Make it work with multiple hosts.
151da177e4SLinus Torvalds * More RFC compliance.
161da177e4SLinus Torvalds *
171da177e4SLinus Torvalds * Horst von Brand Add missing #include <linux/string.h>
181da177e4SLinus Torvalds * Alexey Kuznetsov SMP races, threading, cleanup.
191da177e4SLinus Torvalds * Patrick McHardy LRU queue of frag heads for evictor.
201da177e4SLinus Torvalds * Mitsuru KANDA @USAGI Register inet6_protocol{}.
211da177e4SLinus Torvalds * David Stevens and
221da177e4SLinus Torvalds * YOSHIFUJI,H. @USAGI Always remove fragment header to
231da177e4SLinus Torvalds * calculate ICV correctly.
241da177e4SLinus Torvalds */
255a3da1feSHannes Frederic Sowa
265a3da1feSHannes Frederic Sowa #define pr_fmt(fmt) "IPv6: " fmt
275a3da1feSHannes Frederic Sowa
281da177e4SLinus Torvalds #include <linux/errno.h>
291da177e4SLinus Torvalds #include <linux/types.h>
301da177e4SLinus Torvalds #include <linux/string.h>
311da177e4SLinus Torvalds #include <linux/socket.h>
321da177e4SLinus Torvalds #include <linux/sockios.h>
331da177e4SLinus Torvalds #include <linux/jiffies.h>
341da177e4SLinus Torvalds #include <linux/net.h>
351da177e4SLinus Torvalds #include <linux/list.h>
361da177e4SLinus Torvalds #include <linux/netdevice.h>
371da177e4SLinus Torvalds #include <linux/in6.h>
381da177e4SLinus Torvalds #include <linux/ipv6.h>
391da177e4SLinus Torvalds #include <linux/icmpv6.h>
401da177e4SLinus Torvalds #include <linux/random.h>
411da177e4SLinus Torvalds #include <linux/jhash.h>
42f61944efSHerbert Xu #include <linux/skbuff.h>
435a0e3ad6STejun Heo #include <linux/slab.h>
44bc3b2d7fSPaul Gortmaker #include <linux/export.h>
452efdaaafSHangbin Liu #include <linux/tcp.h>
462efdaaafSHangbin Liu #include <linux/udp.h>
471da177e4SLinus Torvalds
481da177e4SLinus Torvalds #include <net/sock.h>
491da177e4SLinus Torvalds #include <net/snmp.h>
501da177e4SLinus Torvalds
511da177e4SLinus Torvalds #include <net/ipv6.h>
52a11d206dSYOSHIFUJI Hideaki #include <net/ip6_route.h>
531da177e4SLinus Torvalds #include <net/protocol.h>
541da177e4SLinus Torvalds #include <net/transp_v6.h>
551da177e4SLinus Torvalds #include <net/rawv6.h>
561da177e4SLinus Torvalds #include <net/ndisc.h>
571da177e4SLinus Torvalds #include <net/addrconf.h>
5870b095c8SFlorian Westphal #include <net/ipv6_frag.h>
59eec2e618SHannes Frederic Sowa #include <net/inet_ecn.h>
601da177e4SLinus Torvalds
61d4ad4d22SNikolay Aleksandrov static const char ip6_frag_cache_name[] = "ip6-frags";
62d4ad4d22SNikolay Aleksandrov
ip6_frag_ecn(const struct ipv6hdr * ipv6h)63fc08c258SFabian Frederick static u8 ip6_frag_ecn(const struct ipv6hdr *ipv6h)
64eec2e618SHannes Frederic Sowa {
65eec2e618SHannes Frederic Sowa return 1 << (ipv6_get_dsfield(ipv6h) & INET_ECN_MASK);
66eec2e618SHannes Frederic Sowa }
671da177e4SLinus Torvalds
687eb95156SPavel Emelyanov static struct inet_frags ip6_frags;
691da177e4SLinus Torvalds
70d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb,
71d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev);
72f61944efSHerbert Xu
ip6_frag_expire(struct timer_list * t)7378802011SKees Cook static void ip6_frag_expire(struct timer_list *t)
74b836c99fSAmerigo Wang {
7578802011SKees Cook struct inet_frag_queue *frag = from_timer(frag, t, timer);
76b836c99fSAmerigo Wang struct frag_queue *fq;
77b836c99fSAmerigo Wang
7878802011SKees Cook fq = container_of(frag, struct frag_queue, q);
79b836c99fSAmerigo Wang
80a39aca67SEric Dumazet ip6frag_expire_frag_queue(fq->q.fqdir->net, fq);
811da177e4SLinus Torvalds }
821da177e4SLinus Torvalds
83fc08c258SFabian Frederick static struct frag_queue *
fq_find(struct net * net,__be32 id,const struct ipv6hdr * hdr,int iif)84648700f7SEric Dumazet fq_find(struct net *net, __be32 id, const struct ipv6hdr *hdr, int iif)
851da177e4SLinus Torvalds {
86648700f7SEric Dumazet struct frag_v6_compare_key key = {
87648700f7SEric Dumazet .id = id,
88648700f7SEric Dumazet .saddr = hdr->saddr,
89648700f7SEric Dumazet .daddr = hdr->daddr,
90648700f7SEric Dumazet .user = IP6_DEFRAG_LOCAL_DELIVER,
91648700f7SEric Dumazet .iif = iif,
92648700f7SEric Dumazet };
93c6fda282SPavel Emelyanov struct inet_frag_queue *q;
941da177e4SLinus Torvalds
95648700f7SEric Dumazet if (!(ipv6_addr_type(&hdr->daddr) & (IPV6_ADDR_MULTICAST |
96648700f7SEric Dumazet IPV6_ADDR_LINKLOCAL)))
97648700f7SEric Dumazet key.iif = 0;
989a375803SPavel Emelyanov
994907abc6SEric Dumazet q = inet_frag_find(net->ipv6.fqdir, &key);
1002d44ed22SEric Dumazet if (!q)
1019546377cSShan Wei return NULL;
1022d44ed22SEric Dumazet
103c6fda282SPavel Emelyanov return container_of(q, struct frag_queue, q);
1041da177e4SLinus Torvalds }
1051da177e4SLinus Torvalds
ip6_frag_queue(struct frag_queue * fq,struct sk_buff * skb,struct frag_hdr * fhdr,int nhoff,u32 * prob_offset)106f61944efSHerbert Xu static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
107415787d7SEric Dumazet struct frag_hdr *fhdr, int nhoff,
108415787d7SEric Dumazet u32 *prob_offset)
1091da177e4SLinus Torvalds {
110adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev);
111d4289fccSPeter Oskolkov int offset, end, fragsize;
112d4289fccSPeter Oskolkov struct sk_buff *prev_tail;
113d4289fccSPeter Oskolkov struct net_device *dev;
114d4289fccSPeter Oskolkov int err = -ENOENT;
1154ecbb1c2SEric Dumazet SKB_DR(reason);
116eec2e618SHannes Frederic Sowa u8 ecn;
1171da177e4SLinus Torvalds
1184ecbb1c2SEric Dumazet /* If reassembly is already done, @skb must be a duplicate frag. */
1194ecbb1c2SEric Dumazet if (fq->q.flags & INET_FRAG_COMPLETE) {
1204ecbb1c2SEric Dumazet SKB_DR_SET(reason, DUP_FRAG);
1211da177e4SLinus Torvalds goto err;
1224ecbb1c2SEric Dumazet }
1231da177e4SLinus Torvalds
124d4289fccSPeter Oskolkov err = -EINVAL;
1251da177e4SLinus Torvalds offset = ntohs(fhdr->frag_off) & ~0x7;
1260660e03fSArnaldo Carvalho de Melo end = offset + (ntohs(ipv6_hdr(skb)->payload_len) -
1270660e03fSArnaldo Carvalho de Melo ((u8 *)(fhdr + 1) - (u8 *)(ipv6_hdr(skb) + 1)));
1281da177e4SLinus Torvalds
1291da177e4SLinus Torvalds if ((unsigned int)end > IPV6_MAXPLEN) {
130415787d7SEric Dumazet *prob_offset = (u8 *)&fhdr->frag_off - skb_network_header(skb);
131d4289fccSPeter Oskolkov /* note that if prob_offset is set, the skb is freed elsewhere,
132d4289fccSPeter Oskolkov * we do not free it here.
133d4289fccSPeter Oskolkov */
134f61944efSHerbert Xu return -1;
1351da177e4SLinus Torvalds }
1361da177e4SLinus Torvalds
137eec2e618SHannes Frederic Sowa ecn = ip6_frag_ecn(ipv6_hdr(skb));
138eec2e618SHannes Frederic Sowa
139d56f90a7SArnaldo Carvalho de Melo if (skb->ip_summed == CHECKSUM_COMPLETE) {
140d56f90a7SArnaldo Carvalho de Melo const unsigned char *nh = skb_network_header(skb);
1411da177e4SLinus Torvalds skb->csum = csum_sub(skb->csum,
142d56f90a7SArnaldo Carvalho de Melo csum_partial(nh, (u8 *)(fhdr + 1) - nh,
143d56f90a7SArnaldo Carvalho de Melo 0));
144d56f90a7SArnaldo Carvalho de Melo }
1451da177e4SLinus Torvalds
1461da177e4SLinus Torvalds /* Is this the final fragment? */
1471da177e4SLinus Torvalds if (!(fhdr->frag_off & htons(IP6_MF))) {
1481da177e4SLinus Torvalds /* If we already have some bits beyond end
1491da177e4SLinus Torvalds * or have different end, the segment is corrupted.
1501da177e4SLinus Torvalds */
1515ab11c98SPavel Emelyanov if (end < fq->q.len ||
15206aa8b8aSNikolay Aleksandrov ((fq->q.flags & INET_FRAG_LAST_IN) && end != fq->q.len))
1532475f59cSPeter Oskolkov goto discard_fq;
15406aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_LAST_IN;
1555ab11c98SPavel Emelyanov fq->q.len = end;
1561da177e4SLinus Torvalds } else {
1571da177e4SLinus Torvalds /* Check if the fragment is rounded to 8 bytes.
1581da177e4SLinus Torvalds * Required by the RFC.
1591da177e4SLinus Torvalds */
1601da177e4SLinus Torvalds if (end & 0x7) {
1611da177e4SLinus Torvalds /* RFC2460 says always send parameter problem in
1621da177e4SLinus Torvalds * this case. -DaveM
1631da177e4SLinus Torvalds */
164415787d7SEric Dumazet *prob_offset = offsetof(struct ipv6hdr, payload_len);
165f61944efSHerbert Xu return -1;
1661da177e4SLinus Torvalds }
1675ab11c98SPavel Emelyanov if (end > fq->q.len) {
1681da177e4SLinus Torvalds /* Some bits beyond end -> corruption. */
16906aa8b8aSNikolay Aleksandrov if (fq->q.flags & INET_FRAG_LAST_IN)
1702475f59cSPeter Oskolkov goto discard_fq;
1715ab11c98SPavel Emelyanov fq->q.len = end;
1721da177e4SLinus Torvalds }
1731da177e4SLinus Torvalds }
1741da177e4SLinus Torvalds
1751da177e4SLinus Torvalds if (end == offset)
1762475f59cSPeter Oskolkov goto discard_fq;
1771da177e4SLinus Torvalds
178d4289fccSPeter Oskolkov err = -ENOMEM;
1791da177e4SLinus Torvalds /* Point into the IP datagram 'data' part. */
1801da177e4SLinus Torvalds if (!pskb_pull(skb, (u8 *) (fhdr + 1) - skb->data))
1812475f59cSPeter Oskolkov goto discard_fq;
18242ca89c1SStephen Hemminger
183d4289fccSPeter Oskolkov err = pskb_trim_rcsum(skb, end - offset);
184d4289fccSPeter Oskolkov if (err)
1852475f59cSPeter Oskolkov goto discard_fq;
1861da177e4SLinus Torvalds
187d4289fccSPeter Oskolkov /* Note : skb->rbnode and skb->dev share the same location. */
188219badfaSEric Dumazet dev = skb->dev;
189219badfaSEric Dumazet /* Makes sure compiler wont do silly aliasing games */
190219badfaSEric Dumazet barrier();
1911da177e4SLinus Torvalds
192d4289fccSPeter Oskolkov prev_tail = fq->q.fragments_tail;
193d4289fccSPeter Oskolkov err = inet_frag_queue_insert(&fq->q, skb, offset, end);
194d4289fccSPeter Oskolkov if (err)
195d4289fccSPeter Oskolkov goto insert_error;
196d4289fccSPeter Oskolkov
197d4289fccSPeter Oskolkov if (dev)
198d4289fccSPeter Oskolkov fq->iif = dev->ifindex;
1991da177e4SLinus Torvalds
2005ab11c98SPavel Emelyanov fq->q.stamp = skb->tstamp;
201*4d25ca2dSAbhishek Chauhan fq->q.tstamp_type = skb->tstamp_type;
2025ab11c98SPavel Emelyanov fq->q.meat += skb->len;
203eec2e618SHannes Frederic Sowa fq->ecn |= ecn;
2046ce3b4dcSEric Dumazet add_frag_mem_limit(fq->q.fqdir, skb->truesize);
2051da177e4SLinus Torvalds
206dbd1759eSWillem de Bruijn fragsize = -skb_network_offset(skb) + skb->len;
207dbd1759eSWillem de Bruijn if (fragsize > fq->q.max_size)
208dbd1759eSWillem de Bruijn fq->q.max_size = fragsize;
209dbd1759eSWillem de Bruijn
2101da177e4SLinus Torvalds /* The first fragment.
2111da177e4SLinus Torvalds * nhoffset is obtained from the first fragment, of course.
2121da177e4SLinus Torvalds */
2131da177e4SLinus Torvalds if (offset == 0) {
2141da177e4SLinus Torvalds fq->nhoffset = nhoff;
21506aa8b8aSNikolay Aleksandrov fq->q.flags |= INET_FRAG_FIRST_IN;
2161da177e4SLinus Torvalds }
217f61944efSHerbert Xu
21806aa8b8aSNikolay Aleksandrov if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
21997599dc7SEric Dumazet fq->q.meat == fq->q.len) {
22097599dc7SEric Dumazet unsigned long orefdst = skb->_skb_refdst;
221f61944efSHerbert Xu
22297599dc7SEric Dumazet skb->_skb_refdst = 0UL;
223d4289fccSPeter Oskolkov err = ip6_frag_reasm(fq, skb, prev_tail, dev);
22497599dc7SEric Dumazet skb->_skb_refdst = orefdst;
225d4289fccSPeter Oskolkov return err;
22697599dc7SEric Dumazet }
22797599dc7SEric Dumazet
22897599dc7SEric Dumazet skb_dst_drop(skb);
229d4289fccSPeter Oskolkov return -EINPROGRESS;
2301da177e4SLinus Torvalds
231d4289fccSPeter Oskolkov insert_error:
232d4289fccSPeter Oskolkov if (err == IPFRAG_DUP) {
2334ecbb1c2SEric Dumazet SKB_DR_SET(reason, DUP_FRAG);
2344ecbb1c2SEric Dumazet err = -EINVAL;
2354ecbb1c2SEric Dumazet goto err;
236d4289fccSPeter Oskolkov }
237d4289fccSPeter Oskolkov err = -EINVAL;
238d4289fccSPeter Oskolkov __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
239d4289fccSPeter Oskolkov IPSTATS_MIB_REASM_OVERLAPS);
24070789d70SNicolas Dichtel discard_fq:
241093ba729SEric Dumazet inet_frag_kill(&fq->q);
2421d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
2433bd653c8SDenis V. Lunev IPSTATS_MIB_REASMFAILS);
244d4289fccSPeter Oskolkov err:
2454ecbb1c2SEric Dumazet kfree_skb_reason(skb, reason);
246d4289fccSPeter Oskolkov return err;
2471da177e4SLinus Torvalds }
2481da177e4SLinus Torvalds
2491da177e4SLinus Torvalds /*
2501da177e4SLinus Torvalds * Check if this packet is complete.
2511da177e4SLinus Torvalds *
2521da177e4SLinus Torvalds * It is called with locked fq, and caller must check that
2531da177e4SLinus Torvalds * queue is eligible for reassembly i.e. it is not COMPLETE,
2541da177e4SLinus Torvalds * the last and the first frames arrived and all the bits are here.
2551da177e4SLinus Torvalds */
ip6_frag_reasm(struct frag_queue * fq,struct sk_buff * skb,struct sk_buff * prev_tail,struct net_device * dev)256d4289fccSPeter Oskolkov static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *skb,
257d4289fccSPeter Oskolkov struct sk_buff *prev_tail, struct net_device *dev)
2581da177e4SLinus Torvalds {
259a39aca67SEric Dumazet struct net *net = fq->q.fqdir->net;
2601da177e4SLinus Torvalds unsigned int nhoff;
261d4289fccSPeter Oskolkov void *reasm_data;
262d4289fccSPeter Oskolkov int payload_len;
263eec2e618SHannes Frederic Sowa u8 ecn;
2641da177e4SLinus Torvalds
265093ba729SEric Dumazet inet_frag_kill(&fq->q);
2661da177e4SLinus Torvalds
267eec2e618SHannes Frederic Sowa ecn = ip_frag_ecn_table[fq->ecn];
268eec2e618SHannes Frederic Sowa if (unlikely(ecn == 0xff))
269eec2e618SHannes Frederic Sowa goto out_fail;
270eec2e618SHannes Frederic Sowa
271d4289fccSPeter Oskolkov reasm_data = inet_frag_reasm_prepare(&fq->q, skb, prev_tail);
272d4289fccSPeter Oskolkov if (!reasm_data)
273f61944efSHerbert Xu goto out_oom;
274f61944efSHerbert Xu
27580bfab79SEric Dumazet payload_len = -skb_network_offset(skb) -
2765ab11c98SPavel Emelyanov sizeof(struct ipv6hdr) + fq->q.len -
27780bfab79SEric Dumazet sizeof(struct frag_hdr);
2781da177e4SLinus Torvalds if (payload_len > IPV6_MAXPLEN)
2791da177e4SLinus Torvalds goto out_oversize;
2801da177e4SLinus Torvalds
2811da177e4SLinus Torvalds /* We have to remove fragment header from datagram and to relocate
2821da177e4SLinus Torvalds * header in order to calculate ICV correctly. */
2831da177e4SLinus Torvalds nhoff = fq->nhoffset;
284d4289fccSPeter Oskolkov skb_network_header(skb)[nhoff] = skb_transport_header(skb)[0];
285d4289fccSPeter Oskolkov memmove(skb->head + sizeof(struct frag_hdr), skb->head,
286d4289fccSPeter Oskolkov (skb->data - skb->head) - sizeof(struct frag_hdr));
287d4289fccSPeter Oskolkov if (skb_mac_header_was_set(skb))
288d4289fccSPeter Oskolkov skb->mac_header += sizeof(struct frag_hdr);
289d4289fccSPeter Oskolkov skb->network_header += sizeof(struct frag_hdr);
2901da177e4SLinus Torvalds
291d4289fccSPeter Oskolkov skb_reset_transport_header(skb);
2921da177e4SLinus Torvalds
293891584f4SGuillaume Nault inet_frag_reasm_finish(&fq->q, skb, reasm_data, true);
294ec16439eSEric Dumazet
295d4289fccSPeter Oskolkov skb->dev = dev;
296d4289fccSPeter Oskolkov ipv6_hdr(skb)->payload_len = htons(payload_len);
297d4289fccSPeter Oskolkov ipv6_change_dsfield(ipv6_hdr(skb), 0xff, ecn);
298d4289fccSPeter Oskolkov IP6CB(skb)->nhoff = nhoff;
299d4289fccSPeter Oskolkov IP6CB(skb)->flags |= IP6SKB_FRAGMENTED;
300d4289fccSPeter Oskolkov IP6CB(skb)->frag_max_size = fq->q.max_size;
3011da177e4SLinus Torvalds
3021da177e4SLinus Torvalds /* Yes, and fold redundant checksum back. 8) */
303d4289fccSPeter Oskolkov skb_postpush_rcsum(skb, skb_network_header(skb),
304d4289fccSPeter Oskolkov skb_network_header_len(skb));
3051da177e4SLinus Torvalds
306a11d206dSYOSHIFUJI Hideaki rcu_read_lock();
307e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMOKS);
308a11d206dSYOSHIFUJI Hideaki rcu_read_unlock();
309fa0f5273SPeter Oskolkov fq->q.rb_fragments = RB_ROOT;
310d6bebca9SChangli Gao fq->q.fragments_tail = NULL;
311d4289fccSPeter Oskolkov fq->q.last_run_head = NULL;
3121da177e4SLinus Torvalds return 1;
3131da177e4SLinus Torvalds
3141da177e4SLinus Torvalds out_oversize:
315e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: payload len = %d\n", payload_len);
3161da177e4SLinus Torvalds goto out_fail;
3171da177e4SLinus Torvalds out_oom:
318e87cc472SJoe Perches net_dbg_ratelimited("ip6_frag_reasm: no memory for reassembly\n");
3191da177e4SLinus Torvalds out_fail:
320a11d206dSYOSHIFUJI Hideaki rcu_read_lock();
321e1ae5c2eSStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_stats_get(dev, skb), IPSTATS_MIB_REASMFAILS);
322a11d206dSYOSHIFUJI Hideaki rcu_read_unlock();
3232475f59cSPeter Oskolkov inet_frag_kill(&fq->q);
3241da177e4SLinus Torvalds return -1;
3251da177e4SLinus Torvalds }
3261da177e4SLinus Torvalds
ipv6_frag_rcv(struct sk_buff * skb)327e5bbef20SHerbert Xu static int ipv6_frag_rcv(struct sk_buff *skb)
3281da177e4SLinus Torvalds {
3291da177e4SLinus Torvalds struct frag_hdr *fhdr;
3301da177e4SLinus Torvalds struct frag_queue *fq;
331b71d1d42SEric Dumazet const struct ipv6hdr *hdr = ipv6_hdr(skb);
332adf30907SEric Dumazet struct net *net = dev_net(skb_dst(skb)->dev);
3332efdaaafSHangbin Liu u8 nexthdr;
3349d9e937bSGeorg Kohmann int iif;
3351da177e4SLinus Torvalds
336f46078cfSHannes Frederic Sowa if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED)
337f46078cfSHannes Frederic Sowa goto fail_hdr;
338f46078cfSHannes Frederic Sowa
3391d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMREQDS);
3401da177e4SLinus Torvalds
3411da177e4SLinus Torvalds /* Jumbo payload inhibits frag. header */
34298b3377cSDenis V. Lunev if (hdr->payload_len == 0)
34398b3377cSDenis V. Lunev goto fail_hdr;
34498b3377cSDenis V. Lunev
345ea2ae17dSArnaldo Carvalho de Melo if (!pskb_may_pull(skb, (skb_transport_offset(skb) +
34698b3377cSDenis V. Lunev sizeof(struct frag_hdr))))
34798b3377cSDenis V. Lunev goto fail_hdr;
3481da177e4SLinus Torvalds
3490660e03fSArnaldo Carvalho de Melo hdr = ipv6_hdr(skb);
3509c70220bSArnaldo Carvalho de Melo fhdr = (struct frag_hdr *)skb_transport_header(skb);
3511da177e4SLinus Torvalds
352e29f011eSFrancesco Ruggeri if (!(fhdr->frag_off & htons(IP6_OFFSET | IP6_MF))) {
3531da177e4SLinus Torvalds /* It is not a fragmented frame */
354b0e380b1SArnaldo Carvalho de Melo skb->transport_header += sizeof(struct frag_hdr);
3551d015503SEric Dumazet __IP6_INC_STATS(net,
356adf30907SEric Dumazet ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMOKS);
3571da177e4SLinus Torvalds
358d56f90a7SArnaldo Carvalho de Melo IP6CB(skb)->nhoff = (u8 *)fhdr - skb_network_header(skb);
359f46078cfSHannes Frederic Sowa IP6CB(skb)->flags |= IP6SKB_FRAGMENTED;
360e29f011eSFrancesco Ruggeri IP6CB(skb)->frag_max_size = ntohs(hdr->payload_len) +
361e29f011eSFrancesco Ruggeri sizeof(struct ipv6hdr);
3621da177e4SLinus Torvalds return 1;
3631da177e4SLinus Torvalds }
3641da177e4SLinus Torvalds
3652efdaaafSHangbin Liu /* RFC 8200, Section 4.5 Fragment Header:
3662efdaaafSHangbin Liu * If the first fragment does not include all headers through an
3672efdaaafSHangbin Liu * Upper-Layer header, then that fragment should be discarded and
3682efdaaafSHangbin Liu * an ICMP Parameter Problem, Code 3, message should be sent to
3692efdaaafSHangbin Liu * the source of the fragment, with the Pointer field set to zero.
3702efdaaafSHangbin Liu */
3712efdaaafSHangbin Liu nexthdr = hdr->nexthdr;
3721cd354feSgaoxingwang if (ipv6frag_thdr_truncated(skb, skb_network_offset(skb) + sizeof(struct ipv6hdr), &nexthdr)) {
3732efdaaafSHangbin Liu __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev),
3742efdaaafSHangbin Liu IPSTATS_MIB_INHDRERRORS);
3752efdaaafSHangbin Liu icmpv6_param_prob(skb, ICMPV6_HDR_INCOMP, 0);
3762efdaaafSHangbin Liu return -1;
3772efdaaafSHangbin Liu }
3782efdaaafSHangbin Liu
379648700f7SEric Dumazet iif = skb->dev ? skb->dev->ifindex : 0;
380648700f7SEric Dumazet fq = fq_find(net, fhdr->identification, hdr, iif);
38153b24b8fSIan Morris if (fq) {
382415787d7SEric Dumazet u32 prob_offset = 0;
383f61944efSHerbert Xu int ret;
3841da177e4SLinus Torvalds
3855ab11c98SPavel Emelyanov spin_lock(&fq->q.lock);
3861da177e4SLinus Torvalds
387648700f7SEric Dumazet fq->iif = iif;
388415787d7SEric Dumazet ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff,
389415787d7SEric Dumazet &prob_offset);
3901da177e4SLinus Torvalds
3915ab11c98SPavel Emelyanov spin_unlock(&fq->q.lock);
392093ba729SEric Dumazet inet_frag_put(&fq->q);
393415787d7SEric Dumazet if (prob_offset) {
394415787d7SEric Dumazet __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev),
395415787d7SEric Dumazet IPSTATS_MIB_INHDRERRORS);
396d4289fccSPeter Oskolkov /* icmpv6_param_prob() calls kfree_skb(skb) */
397415787d7SEric Dumazet icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, prob_offset);
398415787d7SEric Dumazet }
3991da177e4SLinus Torvalds return ret;
4001da177e4SLinus Torvalds }
4011da177e4SLinus Torvalds
4021d015503SEric Dumazet __IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_REASMFAILS);
4031da177e4SLinus Torvalds kfree_skb(skb);
4041da177e4SLinus Torvalds return -1;
40598b3377cSDenis V. Lunev
40698b3377cSDenis V. Lunev fail_hdr:
407bdb7cc64SStephen Suryaputra __IP6_INC_STATS(net, __in6_dev_get_safely(skb->dev),
408d2373862SNikolay Aleksandrov IPSTATS_MIB_INHDRERRORS);
40998b3377cSDenis V. Lunev icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, skb_network_header_len(skb));
41098b3377cSDenis V. Lunev return -1;
4111da177e4SLinus Torvalds }
4121da177e4SLinus Torvalds
413cc24becaSIan Morris static const struct inet6_protocol frag_protocol = {
4141da177e4SLinus Torvalds .handler = ipv6_frag_rcv,
4151da177e4SLinus Torvalds .flags = INET6_PROTO_NOPOLICY,
4161da177e4SLinus Torvalds };
4171da177e4SLinus Torvalds
4188d8354d2SPavel Emelyanov #ifdef CONFIG_SYSCTL
4191bab4c75SNikolay Aleksandrov
4200a64b4b8SPavel Emelyanov static struct ctl_table ip6_frags_ns_ctl_table[] = {
421e71e0349SDaniel Lezcano {
4228d8354d2SPavel Emelyanov .procname = "ip6frag_high_thresh",
4233e67f106SEric Dumazet .maxlen = sizeof(unsigned long),
4248d8354d2SPavel Emelyanov .mode = 0644,
4253e67f106SEric Dumazet .proc_handler = proc_doulongvec_minmax,
4268d8354d2SPavel Emelyanov },
4278d8354d2SPavel Emelyanov {
4288d8354d2SPavel Emelyanov .procname = "ip6frag_low_thresh",
4293e67f106SEric Dumazet .maxlen = sizeof(unsigned long),
4308d8354d2SPavel Emelyanov .mode = 0644,
4316e00f7ddSEric Dumazet .proc_handler = proc_doulongvec_minmax,
4328d8354d2SPavel Emelyanov },
4338d8354d2SPavel Emelyanov {
4348d8354d2SPavel Emelyanov .procname = "ip6frag_time",
4358d8354d2SPavel Emelyanov .maxlen = sizeof(int),
4368d8354d2SPavel Emelyanov .mode = 0644,
4376d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies,
4388d8354d2SPavel Emelyanov },
4397d291ebbSPavel Emelyanov };
4407d291ebbSPavel Emelyanov
441e3a57d18SFlorian Westphal /* secret interval has been deprecated */
442e3a57d18SFlorian Westphal static int ip6_frags_secret_interval_unused;
4437d291ebbSPavel Emelyanov static struct ctl_table ip6_frags_ctl_table[] = {
4448d8354d2SPavel Emelyanov {
4458d8354d2SPavel Emelyanov .procname = "ip6frag_secret_interval",
446e3a57d18SFlorian Westphal .data = &ip6_frags_secret_interval_unused,
4478d8354d2SPavel Emelyanov .maxlen = sizeof(int),
4488d8354d2SPavel Emelyanov .mode = 0644,
4496d9f239aSAlexey Dobriyan .proc_handler = proc_dointvec_jiffies,
4508d8354d2SPavel Emelyanov },
4518d8354d2SPavel Emelyanov };
4527d460db9SDaniel Lezcano
ip6_frags_ns_sysctl_register(struct net * net)4532c8c1e72SAlexey Dobriyan static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
4548d8354d2SPavel Emelyanov {
455e4a2d5c2SPavel Emelyanov struct ctl_table *table;
4568d8354d2SPavel Emelyanov struct ctl_table_header *hdr;
4578d8354d2SPavel Emelyanov
4580a64b4b8SPavel Emelyanov table = ip6_frags_ns_ctl_table;
45909ad9bc7SOctavian Purdila if (!net_eq(net, &init_net)) {
4600a64b4b8SPavel Emelyanov table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL);
46163159f29SIan Morris if (!table)
462e4a2d5c2SPavel Emelyanov goto err_alloc;
463e4a2d5c2SPavel Emelyanov
4648668d0e2SEric Dumazet }
4654907abc6SEric Dumazet table[0].data = &net->ipv6.fqdir->high_thresh;
4664907abc6SEric Dumazet table[0].extra1 = &net->ipv6.fqdir->low_thresh;
4674907abc6SEric Dumazet table[1].data = &net->ipv6.fqdir->low_thresh;
4684907abc6SEric Dumazet table[1].extra2 = &net->ipv6.fqdir->high_thresh;
4694907abc6SEric Dumazet table[2].data = &net->ipv6.fqdir->timeout;
470e4a2d5c2SPavel Emelyanov
471c899710fSJoel Granados hdr = register_net_sysctl_sz(net, "net/ipv6", table,
472c899710fSJoel Granados ARRAY_SIZE(ip6_frags_ns_ctl_table));
47363159f29SIan Morris if (!hdr)
474e4a2d5c2SPavel Emelyanov goto err_reg;
475e4a2d5c2SPavel Emelyanov
476e4a2d5c2SPavel Emelyanov net->ipv6.sysctl.frags_hdr = hdr;
477e4a2d5c2SPavel Emelyanov return 0;
478e4a2d5c2SPavel Emelyanov
479e4a2d5c2SPavel Emelyanov err_reg:
48009ad9bc7SOctavian Purdila if (!net_eq(net, &init_net))
481e4a2d5c2SPavel Emelyanov kfree(table);
482e4a2d5c2SPavel Emelyanov err_alloc:
483e4a2d5c2SPavel Emelyanov return -ENOMEM;
484e4a2d5c2SPavel Emelyanov }
485e4a2d5c2SPavel Emelyanov
ip6_frags_ns_sysctl_unregister(struct net * net)4862c8c1e72SAlexey Dobriyan static void __net_exit ip6_frags_ns_sysctl_unregister(struct net *net)
487e4a2d5c2SPavel Emelyanov {
488bfa858f2SThomas Weißschuh const struct ctl_table *table;
489e4a2d5c2SPavel Emelyanov
490e4a2d5c2SPavel Emelyanov table = net->ipv6.sysctl.frags_hdr->ctl_table_arg;
491e4a2d5c2SPavel Emelyanov unregister_net_sysctl_table(net->ipv6.sysctl.frags_hdr);
4923705e11aSYang Hongyang if (!net_eq(net, &init_net))
493e4a2d5c2SPavel Emelyanov kfree(table);
4948d8354d2SPavel Emelyanov }
4957d291ebbSPavel Emelyanov
4967d291ebbSPavel Emelyanov static struct ctl_table_header *ip6_ctl_header;
4977d291ebbSPavel Emelyanov
ip6_frags_sysctl_register(void)4987d291ebbSPavel Emelyanov static int ip6_frags_sysctl_register(void)
4997d291ebbSPavel Emelyanov {
50043444757SEric W. Biederman ip6_ctl_header = register_net_sysctl(&init_net, "net/ipv6",
5017d291ebbSPavel Emelyanov ip6_frags_ctl_table);
5027d291ebbSPavel Emelyanov return ip6_ctl_header == NULL ? -ENOMEM : 0;
5037d291ebbSPavel Emelyanov }
5047d291ebbSPavel Emelyanov
ip6_frags_sysctl_unregister(void)5057d291ebbSPavel Emelyanov static void ip6_frags_sysctl_unregister(void)
5067d291ebbSPavel Emelyanov {
5077d291ebbSPavel Emelyanov unregister_net_sysctl_table(ip6_ctl_header);
5087d291ebbSPavel Emelyanov }
5098d8354d2SPavel Emelyanov #else
ip6_frags_ns_sysctl_register(struct net * net)510fc08c258SFabian Frederick static int ip6_frags_ns_sysctl_register(struct net *net)
5118d8354d2SPavel Emelyanov {
5128d8354d2SPavel Emelyanov return 0;
5138d8354d2SPavel Emelyanov }
514e4a2d5c2SPavel Emelyanov
ip6_frags_ns_sysctl_unregister(struct net * net)515fc08c258SFabian Frederick static void ip6_frags_ns_sysctl_unregister(struct net *net)
516e4a2d5c2SPavel Emelyanov {
517e4a2d5c2SPavel Emelyanov }
5187d291ebbSPavel Emelyanov
ip6_frags_sysctl_register(void)519fc08c258SFabian Frederick static int ip6_frags_sysctl_register(void)
5207d291ebbSPavel Emelyanov {
5217d291ebbSPavel Emelyanov return 0;
5227d291ebbSPavel Emelyanov }
5237d291ebbSPavel Emelyanov
ip6_frags_sysctl_unregister(void)524fc08c258SFabian Frederick static void ip6_frags_sysctl_unregister(void)
5257d291ebbSPavel Emelyanov {
5267d291ebbSPavel Emelyanov }
5278d8354d2SPavel Emelyanov #endif
5288d8354d2SPavel Emelyanov
ipv6_frags_init_net(struct net * net)5292c8c1e72SAlexey Dobriyan static int __net_init ipv6_frags_init_net(struct net *net)
5308d8354d2SPavel Emelyanov {
531787bea77SEric Dumazet int res;
532787bea77SEric Dumazet
533a39aca67SEric Dumazet res = fqdir_init(&net->ipv6.fqdir, &ip6_frags, net);
534787bea77SEric Dumazet if (res < 0)
535787bea77SEric Dumazet return res;
5365a63643eSJesper Dangaard Brouer
5374907abc6SEric Dumazet net->ipv6.fqdir->high_thresh = IPV6_FRAG_HIGH_THRESH;
5384907abc6SEric Dumazet net->ipv6.fqdir->low_thresh = IPV6_FRAG_LOW_THRESH;
5394907abc6SEric Dumazet net->ipv6.fqdir->timeout = IPV6_FRAG_TIMEOUT;
5404907abc6SEric Dumazet
541787bea77SEric Dumazet res = ip6_frags_ns_sysctl_register(net);
542787bea77SEric Dumazet if (res < 0)
5434907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir);
544787bea77SEric Dumazet return res;
545e71e0349SDaniel Lezcano }
546e71e0349SDaniel Lezcano
ipv6_frags_pre_exit_net(struct net * net)547d5dd8879SEric Dumazet static void __net_exit ipv6_frags_pre_exit_net(struct net *net)
548d5dd8879SEric Dumazet {
549d5dd8879SEric Dumazet fqdir_pre_exit(net->ipv6.fqdir);
550d5dd8879SEric Dumazet }
551d5dd8879SEric Dumazet
ipv6_frags_exit_net(struct net * net)5522c8c1e72SAlexey Dobriyan static void __net_exit ipv6_frags_exit_net(struct net *net)
55381566e83SPavel Emelyanov {
5540a64b4b8SPavel Emelyanov ip6_frags_ns_sysctl_unregister(net);
5554907abc6SEric Dumazet fqdir_exit(net->ipv6.fqdir);
55681566e83SPavel Emelyanov }
55781566e83SPavel Emelyanov
55881566e83SPavel Emelyanov static struct pernet_operations ip6_frags_ops = {
55981566e83SPavel Emelyanov .init = ipv6_frags_init_net,
560d5dd8879SEric Dumazet .pre_exit = ipv6_frags_pre_exit_net,
56181566e83SPavel Emelyanov .exit = ipv6_frags_exit_net,
56281566e83SPavel Emelyanov };
56381566e83SPavel Emelyanov
56470b095c8SFlorian Westphal static const struct rhashtable_params ip6_rhash_params = {
565648700f7SEric Dumazet .head_offset = offsetof(struct inet_frag_queue, node),
56670b095c8SFlorian Westphal .hashfn = ip6frag_key_hashfn,
56770b095c8SFlorian Westphal .obj_hashfn = ip6frag_obj_hashfn,
56870b095c8SFlorian Westphal .obj_cmpfn = ip6frag_obj_cmpfn,
569648700f7SEric Dumazet .automatic_shrinking = true,
570648700f7SEric Dumazet };
571648700f7SEric Dumazet
ipv6_frag_init(void)572853cbbaaSDaniel Lezcano int __init ipv6_frag_init(void)
5731da177e4SLinus Torvalds {
574853cbbaaSDaniel Lezcano int ret;
5751da177e4SLinus Torvalds
57670b095c8SFlorian Westphal ip6_frags.constructor = ip6frag_init;
577c9547709SPavel Emelyanov ip6_frags.destructor = NULL;
5781e4b8287SPavel Emelyanov ip6_frags.qsize = sizeof(struct frag_queue);
579e521db9dSPavel Emelyanov ip6_frags.frag_expire = ip6_frag_expire;
580d4ad4d22SNikolay Aleksandrov ip6_frags.frags_cache_name = ip6_frag_cache_name;
581648700f7SEric Dumazet ip6_frags.rhash_params = ip6_rhash_params;
582d4ad4d22SNikolay Aleksandrov ret = inet_frags_init(&ip6_frags);
583d4ad4d22SNikolay Aleksandrov if (ret)
5845b975babSEric Dumazet goto out;
5855b975babSEric Dumazet
5865b975babSEric Dumazet ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT);
5875b975babSEric Dumazet if (ret)
5885b975babSEric Dumazet goto err_protocol;
5895b975babSEric Dumazet
5905b975babSEric Dumazet ret = ip6_frags_sysctl_register();
5915b975babSEric Dumazet if (ret)
5925b975babSEric Dumazet goto err_sysctl;
5935b975babSEric Dumazet
5945b975babSEric Dumazet ret = register_pernet_subsys(&ip6_frags_ops);
5955b975babSEric Dumazet if (ret)
596d4ad4d22SNikolay Aleksandrov goto err_pernet;
5975b975babSEric Dumazet
598853cbbaaSDaniel Lezcano out:
599853cbbaaSDaniel Lezcano return ret;
6000002c630SPavel Emelyanov
6010002c630SPavel Emelyanov err_pernet:
6027d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister();
6037d291ebbSPavel Emelyanov err_sysctl:
6040002c630SPavel Emelyanov inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT);
6055b975babSEric Dumazet err_protocol:
6065b975babSEric Dumazet inet_frags_fini(&ip6_frags);
6070002c630SPavel Emelyanov goto out;
608853cbbaaSDaniel Lezcano }
609853cbbaaSDaniel Lezcano
ipv6_frag_exit(void)610853cbbaaSDaniel Lezcano void ipv6_frag_exit(void)
611853cbbaaSDaniel Lezcano {
6127d291ebbSPavel Emelyanov ip6_frags_sysctl_unregister();
61381566e83SPavel Emelyanov unregister_pernet_subsys(&ip6_frags_ops);
614853cbbaaSDaniel Lezcano inet6_del_protocol(&frag_protocol, IPPROTO_FRAGMENT);
615ae7352d3SEric Dumazet inet_frags_fini(&ip6_frags);
6161da177e4SLinus Torvalds }
617